mirror of
https://github.com/openssl/openssl.git
synced 2025-01-18 13:44:20 +08:00
e558ae4921
To support Intel CET, all indirect branch targets must start with endbranch. Here is a patch to add endbranch to all function entries in x86 assembly codes which are indirect branch targets as discovered by running openssl testsuite on Intel CET machine and visual inspection. Since x86 cbc.pl uses indirect branch with a jump table, we also need to add endbranch to all jump targets. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10984)
364 lines
9.3 KiB
Raku
364 lines
9.3 KiB
Raku
#! /usr/bin/env perl
|
|
# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
|
|
#
|
|
# Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
# this file except in compliance with the License. You can obtain a copy
|
|
# in the file LICENSE in the source distribution or at
|
|
# https://www.openssl.org/source/license.html
|
|
|
|
|
|
# void des_ncbc_encrypt(input, output, length, schedule, ivec, enc)
|
|
# des_cblock (*input);
|
|
# des_cblock (*output);
|
|
# long length;
|
|
# des_key_schedule schedule;
|
|
# des_cblock (*ivec);
|
|
# int enc;
|
|
#
|
|
# calls
|
|
# des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT);
|
|
#
|
|
|
|
#&cbc("des_ncbc_encrypt","des_encrypt",0);
|
|
#&cbc("BF_cbc_encrypt","BF_encrypt","BF_encrypt",
|
|
# 1,4,5,3,5,-1);
|
|
#&cbc("des_ncbc_encrypt","des_encrypt","des_encrypt",
|
|
# 0,4,5,3,5,-1);
|
|
#&cbc("des_ede3_cbc_encrypt","des_encrypt3","des_decrypt3",
|
|
# 0,6,7,3,4,5);
|
|
#
|
|
# When doing a cipher that needs bigendian order,
|
|
# for encrypt, the iv is kept in bigendian form,
|
|
# while for decrypt, it is kept in little endian.
|
|
sub cbc
|
|
{
|
|
local($name,$enc_func,$dec_func,$swap,$iv_off,$enc_off,$p1,$p2,$p3)=@_;
|
|
# name is the function name
|
|
# enc_func and dec_func and the functions to call for encrypt/decrypt
|
|
# swap is true if byte order needs to be reversed
|
|
# iv_off is parameter number for the iv
|
|
# enc_off is parameter number for the encrypt/decrypt flag
|
|
# p1,p2,p3 are the offsets for parameters to be passed to the
|
|
# underlying calls.
|
|
|
|
&function_begin_B($name,"");
|
|
&comment("");
|
|
|
|
$in="esi";
|
|
$out="edi";
|
|
$count="ebp";
|
|
|
|
&push("ebp");
|
|
&push("ebx");
|
|
&push("esi");
|
|
&push("edi");
|
|
|
|
$data_off=4;
|
|
$data_off+=4 if ($p1 > 0);
|
|
$data_off+=4 if ($p2 > 0);
|
|
$data_off+=4 if ($p3 > 0);
|
|
|
|
&mov($count, &wparam(2)); # length
|
|
|
|
&comment("getting iv ptr from parameter $iv_off");
|
|
&mov("ebx", &wparam($iv_off)); # Get iv ptr
|
|
|
|
&mov($in, &DWP(0,"ebx","",0));# iv[0]
|
|
&mov($out, &DWP(4,"ebx","",0));# iv[1]
|
|
|
|
&push($out);
|
|
&push($in);
|
|
&push($out); # used in decrypt for iv[1]
|
|
&push($in); # used in decrypt for iv[0]
|
|
|
|
&mov("ebx", "esp"); # This is the address of tin[2]
|
|
|
|
&mov($in, &wparam(0)); # in
|
|
&mov($out, &wparam(1)); # out
|
|
|
|
# We have loaded them all, how lets push things
|
|
&comment("getting encrypt flag from parameter $enc_off");
|
|
&mov("ecx", &wparam($enc_off)); # Get enc flag
|
|
if ($p3 > 0)
|
|
{
|
|
&comment("get and push parameter $p3");
|
|
if ($enc_off != $p3)
|
|
{ &mov("eax", &wparam($p3)); &push("eax"); }
|
|
else { &push("ecx"); }
|
|
}
|
|
if ($p2 > 0)
|
|
{
|
|
&comment("get and push parameter $p2");
|
|
if ($enc_off != $p2)
|
|
{ &mov("eax", &wparam($p2)); &push("eax"); }
|
|
else { &push("ecx"); }
|
|
}
|
|
if ($p1 > 0)
|
|
{
|
|
&comment("get and push parameter $p1");
|
|
if ($enc_off != $p1)
|
|
{ &mov("eax", &wparam($p1)); &push("eax"); }
|
|
else { &push("ecx"); }
|
|
}
|
|
&push("ebx"); # push data/iv
|
|
|
|
&cmp("ecx",0);
|
|
&jz(&label("decrypt"));
|
|
|
|
&and($count,0xfffffff8);
|
|
&mov("eax", &DWP($data_off,"esp","",0)); # load iv[0]
|
|
&mov("ebx", &DWP($data_off+4,"esp","",0)); # load iv[1]
|
|
|
|
&jz(&label("encrypt_finish"));
|
|
|
|
#############################################################
|
|
|
|
&set_label("encrypt_loop");
|
|
# encrypt start
|
|
# "eax" and "ebx" hold iv (or the last cipher text)
|
|
|
|
&mov("ecx", &DWP(0,$in,"",0)); # load first 4 bytes
|
|
&mov("edx", &DWP(4,$in,"",0)); # second 4 bytes
|
|
|
|
&xor("eax", "ecx");
|
|
&xor("ebx", "edx");
|
|
|
|
&bswap("eax") if $swap;
|
|
&bswap("ebx") if $swap;
|
|
|
|
&mov(&DWP($data_off,"esp","",0), "eax"); # put in array for call
|
|
&mov(&DWP($data_off+4,"esp","",0), "ebx"); #
|
|
|
|
&call($enc_func);
|
|
|
|
&mov("eax", &DWP($data_off,"esp","",0));
|
|
&mov("ebx", &DWP($data_off+4,"esp","",0));
|
|
|
|
&bswap("eax") if $swap;
|
|
&bswap("ebx") if $swap;
|
|
|
|
&mov(&DWP(0,$out,"",0),"eax");
|
|
&mov(&DWP(4,$out,"",0),"ebx");
|
|
|
|
# eax and ebx are the next iv.
|
|
|
|
&add($in, 8);
|
|
&add($out, 8);
|
|
|
|
&sub($count, 8);
|
|
&jnz(&label("encrypt_loop"));
|
|
|
|
###################################################################3
|
|
&set_label("encrypt_finish");
|
|
&mov($count, &wparam(2)); # length
|
|
&and($count, 7);
|
|
&jz(&label("finish"));
|
|
&call(&label("PIC_point"));
|
|
&set_label("PIC_point");
|
|
&blindpop("edx");
|
|
&lea("ecx",&DWP(&label("cbc_enc_jmp_table")."-".&label("PIC_point"),"edx"));
|
|
&mov($count,&DWP(0,"ecx",$count,4));
|
|
&add($count,"edx");
|
|
&xor("ecx","ecx");
|
|
&xor("edx","edx");
|
|
#&mov($count,&DWP(&label("cbc_enc_jmp_table"),"",$count,4));
|
|
&jmp_ptr($count);
|
|
|
|
&set_label("ej7");
|
|
&endbranch()
|
|
&movb(&HB("edx"), &BP(6,$in,"",0));
|
|
&shl("edx",8);
|
|
&set_label("ej6");
|
|
&endbranch()
|
|
&movb(&HB("edx"), &BP(5,$in,"",0));
|
|
&set_label("ej5");
|
|
&endbranch()
|
|
&movb(&LB("edx"), &BP(4,$in,"",0));
|
|
&set_label("ej4");
|
|
&endbranch()
|
|
&mov("ecx", &DWP(0,$in,"",0));
|
|
&jmp(&label("ejend"));
|
|
&set_label("ej3");
|
|
&endbranch()
|
|
&movb(&HB("ecx"), &BP(2,$in,"",0));
|
|
&shl("ecx",8);
|
|
&set_label("ej2");
|
|
&endbranch()
|
|
&movb(&HB("ecx"), &BP(1,$in,"",0));
|
|
&set_label("ej1");
|
|
&endbranch()
|
|
&movb(&LB("ecx"), &BP(0,$in,"",0));
|
|
&set_label("ejend");
|
|
|
|
&xor("eax", "ecx");
|
|
&xor("ebx", "edx");
|
|
|
|
&bswap("eax") if $swap;
|
|
&bswap("ebx") if $swap;
|
|
|
|
&mov(&DWP($data_off,"esp","",0), "eax"); # put in array for call
|
|
&mov(&DWP($data_off+4,"esp","",0), "ebx"); #
|
|
|
|
&call($enc_func);
|
|
|
|
&mov("eax", &DWP($data_off,"esp","",0));
|
|
&mov("ebx", &DWP($data_off+4,"esp","",0));
|
|
|
|
&bswap("eax") if $swap;
|
|
&bswap("ebx") if $swap;
|
|
|
|
&mov(&DWP(0,$out,"",0),"eax");
|
|
&mov(&DWP(4,$out,"",0),"ebx");
|
|
|
|
&jmp(&label("finish"));
|
|
|
|
#############################################################
|
|
#############################################################
|
|
&set_label("decrypt",1);
|
|
# decrypt start
|
|
&and($count,0xfffffff8);
|
|
# The next 2 instructions are only for if the jz is taken
|
|
&mov("eax", &DWP($data_off+8,"esp","",0)); # get iv[0]
|
|
&mov("ebx", &DWP($data_off+12,"esp","",0)); # get iv[1]
|
|
&jz(&label("decrypt_finish"));
|
|
|
|
&set_label("decrypt_loop");
|
|
&mov("eax", &DWP(0,$in,"",0)); # load first 4 bytes
|
|
&mov("ebx", &DWP(4,$in,"",0)); # second 4 bytes
|
|
|
|
&bswap("eax") if $swap;
|
|
&bswap("ebx") if $swap;
|
|
|
|
&mov(&DWP($data_off,"esp","",0), "eax"); # put back
|
|
&mov(&DWP($data_off+4,"esp","",0), "ebx"); #
|
|
|
|
&call($dec_func);
|
|
|
|
&mov("eax", &DWP($data_off,"esp","",0)); # get return
|
|
&mov("ebx", &DWP($data_off+4,"esp","",0)); #
|
|
|
|
&bswap("eax") if $swap;
|
|
&bswap("ebx") if $swap;
|
|
|
|
&mov("ecx", &DWP($data_off+8,"esp","",0)); # get iv[0]
|
|
&mov("edx", &DWP($data_off+12,"esp","",0)); # get iv[1]
|
|
|
|
&xor("ecx", "eax");
|
|
&xor("edx", "ebx");
|
|
|
|
&mov("eax", &DWP(0,$in,"",0)); # get old cipher text,
|
|
&mov("ebx", &DWP(4,$in,"",0)); # next iv actually
|
|
|
|
&mov(&DWP(0,$out,"",0),"ecx");
|
|
&mov(&DWP(4,$out,"",0),"edx");
|
|
|
|
&mov(&DWP($data_off+8,"esp","",0), "eax"); # save iv
|
|
&mov(&DWP($data_off+12,"esp","",0), "ebx"); #
|
|
|
|
&add($in, 8);
|
|
&add($out, 8);
|
|
|
|
&sub($count, 8);
|
|
&jnz(&label("decrypt_loop"));
|
|
############################ ENDIT #######################3
|
|
&set_label("decrypt_finish");
|
|
&mov($count, &wparam(2)); # length
|
|
&and($count, 7);
|
|
&jz(&label("finish"));
|
|
|
|
&mov("eax", &DWP(0,$in,"",0)); # load first 4 bytes
|
|
&mov("ebx", &DWP(4,$in,"",0)); # second 4 bytes
|
|
|
|
&bswap("eax") if $swap;
|
|
&bswap("ebx") if $swap;
|
|
|
|
&mov(&DWP($data_off,"esp","",0), "eax"); # put back
|
|
&mov(&DWP($data_off+4,"esp","",0), "ebx"); #
|
|
|
|
&call($dec_func);
|
|
|
|
&mov("eax", &DWP($data_off,"esp","",0)); # get return
|
|
&mov("ebx", &DWP($data_off+4,"esp","",0)); #
|
|
|
|
&bswap("eax") if $swap;
|
|
&bswap("ebx") if $swap;
|
|
|
|
&mov("ecx", &DWP($data_off+8,"esp","",0)); # get iv[0]
|
|
&mov("edx", &DWP($data_off+12,"esp","",0)); # get iv[1]
|
|
|
|
&xor("ecx", "eax");
|
|
&xor("edx", "ebx");
|
|
|
|
# this is for when we exit
|
|
&mov("eax", &DWP(0,$in,"",0)); # get old cipher text,
|
|
&mov("ebx", &DWP(4,$in,"",0)); # next iv actually
|
|
|
|
&set_label("dj7");
|
|
&rotr("edx", 16);
|
|
&movb(&BP(6,$out,"",0), &LB("edx"));
|
|
&shr("edx",16);
|
|
&set_label("dj6");
|
|
&movb(&BP(5,$out,"",0), &HB("edx"));
|
|
&set_label("dj5");
|
|
&movb(&BP(4,$out,"",0), &LB("edx"));
|
|
&set_label("dj4");
|
|
&mov(&DWP(0,$out,"",0), "ecx");
|
|
&jmp(&label("djend"));
|
|
&set_label("dj3");
|
|
&rotr("ecx", 16);
|
|
&movb(&BP(2,$out,"",0), &LB("ecx"));
|
|
&shl("ecx",16);
|
|
&set_label("dj2");
|
|
&movb(&BP(1,$in,"",0), &HB("ecx"));
|
|
&set_label("dj1");
|
|
&movb(&BP(0,$in,"",0), &LB("ecx"));
|
|
&set_label("djend");
|
|
|
|
# final iv is still in eax:ebx
|
|
&jmp(&label("finish"));
|
|
|
|
|
|
############################ FINISH #######################3
|
|
&set_label("finish",1);
|
|
&mov("ecx", &wparam($iv_off)); # Get iv ptr
|
|
|
|
#################################################
|
|
$total=16+4;
|
|
$total+=4 if ($p1 > 0);
|
|
$total+=4 if ($p2 > 0);
|
|
$total+=4 if ($p3 > 0);
|
|
&add("esp",$total);
|
|
|
|
&mov(&DWP(0,"ecx","",0), "eax"); # save iv
|
|
&mov(&DWP(4,"ecx","",0), "ebx"); # save iv
|
|
|
|
&function_end_A($name);
|
|
|
|
&align(64);
|
|
&set_label("cbc_enc_jmp_table");
|
|
&data_word("0");
|
|
&data_word(&label("ej1")."-".&label("PIC_point"));
|
|
&data_word(&label("ej2")."-".&label("PIC_point"));
|
|
&data_word(&label("ej3")."-".&label("PIC_point"));
|
|
&data_word(&label("ej4")."-".&label("PIC_point"));
|
|
&data_word(&label("ej5")."-".&label("PIC_point"));
|
|
&data_word(&label("ej6")."-".&label("PIC_point"));
|
|
&data_word(&label("ej7")."-".&label("PIC_point"));
|
|
# not used
|
|
#&set_label("cbc_dec_jmp_table",1);
|
|
#&data_word("0");
|
|
#&data_word(&label("dj1")."-".&label("PIC_point"));
|
|
#&data_word(&label("dj2")."-".&label("PIC_point"));
|
|
#&data_word(&label("dj3")."-".&label("PIC_point"));
|
|
#&data_word(&label("dj4")."-".&label("PIC_point"));
|
|
#&data_word(&label("dj5")."-".&label("PIC_point"));
|
|
#&data_word(&label("dj6")."-".&label("PIC_point"));
|
|
#&data_word(&label("dj7")."-".&label("PIC_point"));
|
|
&align(64);
|
|
|
|
&function_end_B($name);
|
|
|
|
}
|
|
|
|
1;
|